How does AWS KMS determine which key to use when decrypting?
Question
I'm confused about how aws-kms selects which key to use to decrypt a ciphertextblob.
When calling the decrypt method, no key information is provided.
Recommended answer
When you encrypt, KMS stores the CMK information in the ciphertextblob (CiphertextBlob: Ciphertext including metadata) as metadata. So while calling decrypt, KMS knows which CMK to use.
More details in: https://d1.awsstatic.com/whitepapers/aws-kms-best-practices.pdf https://docs.aws.amazon.com/cli/latest/reference/kms/encrypt.html
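The behaviour described in the answer, as an added example that is not part of the original answer: `key_used` decrypts without naming a key and reads back which key KMS chose, and `decrypt_pinned` passes the optional `KeyId` so a blob made under any other key is rejected. `FakeKMS`, its blob layout and the key ARNs are constructed for offline use; with real AWS, pass `boto3.client("kms")` instead.

```python
APP_KEY = "arn:aws:kms:us-east-1:111122223333:key/app-key-placeholder"      # constructed
OTHER_KEY = "arn:aws:kms:us-east-1:111122223333:key/other-key-placeholder"  # constructed


class FakeKMS:
    """Constructed offline stand-in for boto3.client("kms").

    The blob layout (key ARN + NUL + reversed bytes) is invented for this demo
    and is not encryption; the real CiphertextBlob format is opaque.
    """

    def encrypt(self, KeyId, Plaintext):
        blob = KeyId.encode() + b"\0" + Plaintext[::-1]
        return {"KeyId": KeyId, "CiphertextBlob": blob}

    def decrypt(self, CiphertextBlob, KeyId=None):
        arn, _, body = CiphertextBlob.partition(b"\0")
        if KeyId is not None and KeyId != arn.decode():
            # Real KMS raises IncorrectKeyException in this case.
            raise PermissionError("IncorrectKeyException")
        return {"KeyId": arn.decode(), "Plaintext": body[::-1]}


def key_used(kms, blob):
    """Decrypt without naming a key; return the key KMS read from the blob."""
    return kms.decrypt(CiphertextBlob=blob)["KeyId"]


def decrypt_pinned(kms, blob, expected_arn):
    """Decrypt only if the blob was produced under expected_arn (a full key ARN)."""
    # KeyId is optional for symmetric keys, but passing it makes KMS refuse
    # ciphertext created under any other key the caller can also use.
    resp = kms.decrypt(CiphertextBlob=blob, KeyId=expected_arn)
    # Defence in depth: the response names the key that was actually used.
    if resp["KeyId"] != expected_arn:
        raise PermissionError("decrypted with unexpected key " + resp["KeyId"])
    return resp["Plaintext"]


if __name__ == "__main__":
    kms = FakeKMS()
    blob = kms.encrypt(KeyId=APP_KEY, Plaintext=b"db-password")["CiphertextBlob"]
    print("key chosen by KMS:", key_used(kms, blob))
    print("pinned decrypt:", decrypt_pinned(kms, blob, APP_KEY))
    foreign = kms.encrypt(KeyId=OTHER_KEY, Plaintext=b"x")["CiphertextBlob"]
    try:
        decrypt_pinned(kms, foreign, APP_KEY)
    except PermissionError as exc:
        print("foreign blob rejected:", exc)
```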